fix(transaction): Add special barrier for blocking tx

[dranikpg]

Currently we assume waking a transaction is exlusive and we ensured exclusivity with

if (wakeup_requested_.fetch_add(1, memory_order_relaxed) > 0) return

in NotifySuspended()

However we ensured no exclusivity with cancelling or timing out. I.e. it was totally possible for a transaction to time out and start preparing the cleanup hops, while another thread would call NotifySuspended(). What is more, we removed COORD_BLOCKED only after we called Expire, so we could be cancelled while we are expiring. This results in a lot of unsafe data parallel accesses.

Another problem here is also that once we do

wakeup_requested_.fetch_add(1, memory_order_relaxed)

we technically allow blocking_ec_ in the coordinator to pass. If it wasn't suspended and just reached the check (fast path), it will proceed without waiting for the foreign thread to actually finish modifying the values. Paired with no proper acquire/release semantics later on, this is a very unsafe inter-thread exchange

Instead I suggest to use SingleClaimBarrier

"Single claim - single modification" barrier. Multiple threads might try to claim it, only one
will succeed and will be allowed to modify the barrier until it releases it.

with proper expiration

Wait for barrier until time_point, indefinitely if time_point::max() was passed.
Expiration plays by the same rules as all other threads, it will try to claim the barrier or
wait for an ongoing modification to release.

It results in very simple guarantees:

• If any actor (blocking controller, expiration, cancellation) has claimed the barrier with TryClaim(), it is totally safe to for it perform modifications until Release()
• The barrier can be claimed only once and no modifications can be performed without claiming it, so we have no ambiguity on how to interpret Expire() during NotifySuspended()
• If TryClaim() returned false we have to discard our operation, no exceptions, if it returned true, we can expect the transaction to be in a clean state - no one modified it before us since registering in the blocking controller

With those guarantees we also don't need EXPIRED_Q and COORD_BLOCKED

Linked:

• fix: Fix deadlock in the transaction code. #956 (fixes concurrent data access instead of exclusivity of operations)
• Remove blpop FindFirst hop after wakeup #1168 (Adds exclusivity for NotifySuspended(), but does it unsafely)

[romange]

why relaxed?

[romange]

I am trying to understand why relaxed is enough here. Do not see any obvious reasons why not and it makes me nervous. Usually, it should not be like this.

[dranikpg]

1. It was relaxed to begin with 😆
2. Currently code touches only shard local state or expire/cancel are placed on the coordinator thread
3. If we acquire, what is our corresponding release pair? We had an acuiqre/release for the hop that prepared suspension, since then we did no writes to our local state, so there is noting to sync
4. I can make it acquire because though I assume it might have real impact on the conclusion writes

Will think about it

[romange]

what do you mean by local data here?

[dranikpg]

Need to phrase it more clearly. My thought is that we're on the owning thread and we don't suspend, so we can for example read keys as we do below. Of course just accessing transaction state wouldn't be allowed for anyone else

[dranikpg]

1. It was relaxed to begin with 😆
2. Currently code touches only shard local state or expire/cancel are placed on the coordinator thread
3. If we acquire, what is our corresponding release pair? We had an acuiqre/release for the hop that prepared suspension, since then we did no writes to our local state, so there is noting to sync
4. I can make it acquire because though I assume it might have real impact on the conclusion writes

Will think about it

[dranikpg]

Same here, I have an acquire here because currently our event-count doesn't provide us with one on the fast path

[dranikpg]

Need to phrase it more clearly. My thought is that we're on the owning thread and we don't suspend, so we can for example read keys as we do below. Of course just accessing transaction state wouldn't be allowed for anyone else

[dranikpg]

I've ran sidekiq loadtests on graviton, seems to pass

[romange]

totally subjective - maybe to call it BatonBarrier ?
i.e.

[dranikpg]

Indeed, I only know of folly::Baton and it's somewhat different, but in some way it makes sense and is a more entertaining name 😆

[romange]

something is wrong here. Also maybe "baton_barrier_" ?

[dranikpg]

Baton barrier doesn't indicate where its used, it like calling an atomic variable just atomic.

blocking_ec just became blocking_barrier... how else can we call blocking transactions? Suspension_barrier, watch_barrier, notify_barrier?